• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    The present invention relates to a technique for providing secure processing and data storage for a wireless communication device. In a particular design, remote terminal 110 includes data processing units 210, 224, main processor 230, and security unit 240. The data processing unit processes the data for communication over the wireless link. The main processor provides control for the remote terminal. The security unit is responsible for secure processing (eg electronic funds, personal data, certificates, etc.) and secure storage of data (e.g., electronic funds, personal data, certificates, etc.) for performing secure processing (e.g., using public key encryption) for remote terminals. Memory 254 to perform. The secure processor includes an embedded ROM 252 that stores program instructions and parameters used for secure processing. For enhanced security, the secure processor and memory are implemented in a single integrated circuit. Messaging and data are interchanged with the security unit via a single entry point provided by bus 262.
    公开号:KR20030080095A
    申请号:KR10-2003-7012011
    申请日:2002-03-15
    公开日:2003-10-10
    发明作者:안토니 마우로
    申请人:콸콤 인코포레이티드;
    IPC主号:
    专利说明:

    Method and apparatus for providing secure processing and data storage for wireless communication devices {METHOD AND APPARATUS FOR PROVIDING SECURE PROCESSING AND DATA STORAGE FOR A WIRELESS COMMUNICATION DEVICE}
    [2] Wireless communication systems have been widely used to provide various forms of communication. These systems are based on code division multiple access (CDMA), time division multiple access (TDMA), or some other modulation technique. CDMA systems offer certain advantages over other types of systems, including increased system capacity.
    [3] Conventional wireless communication systems are typically designed to provide voice and data packet services. For these services, the data to be transmitted is processed (e.g., encoded, covered and spread) and conditioned (e.g., amplified, filtered and upconverted) to generate a modulated signal suitable for transmission over the wireless link. In order to provide a security level of transmission and to prevent eavesdropping, the data is also scrambled into a unique long pseudo-random number (PN) sequence assigned to the user terminal initiating or receiving the transmission.
    [4] With the explosive growth of computer networks such as the Internet, users with remote terminals can access data and services from multiple entities (eg, websites). Through wireless links and computer networks, remote terminals can retrieve and transmit data, purchase goods and services, and conduct other transactions. For many applications, no security is required and data is sent clear (without encryption). However, for certain other applications, "sensitive" data are interchanged. Examples of such sensitive data include personal information, credit card information, accounting information, and the like. For applications related to sensitive data, scrambling with a long PN sequence provides only limited protection for the radio portion of the transmission. Such scrambling typically does not provide sufficient security for communication.
    [5] For certain secure commerce, it is important to identify the actual identification number (eg, remote terminal) of the entity participating in the commerce. Typically, a cellular system identifies a remote terminal by its mobile station identification number (MIN) and device serial number (ESN). The disadvantage of this identification process is that the MIN / ESN is transmitted over the air over an unsecured control channel. These channels are easily monitored to obtain MIN / ESN information of the active remote terminal. Once the MIS / ESN information is known, it can be used to reprogram another remote terminal into an illegal copy of the original (legal) unit. Thus, MIN / ESN does not have sufficient security to be used for authentication of remote terminals.
    [6] Therefore, a need exists for a technology that can support secure transactions for wireless communication devices.
    [1] The present invention relates generally to techniques for providing secure processing and data storage for data communications, in particular for wireless communication devices.
    [14] 1 is a block diagram of a system capable of supporting secure communication over a wireless link in accordance with aspects of the present invention.
    [15] 2 is a block diagram of an embodiment of a remote terminal that may implement various aspects of the present invention.
    [16] 3 is an illustration of a particular embodiment of a security unit in a remote terminal.
    [17] 4A and 4B are simplified diagrams of processes for authenticating and encrypting / decrypting messages, respectively.
    [18] 5A is a diagram of an ITU X.509 certificate used for authentication.
    [19] 5B is a diagram of a particular embodiment of the memory in the security unit.
    [20] 6A-6C illustrate initial loading, successful subsequent loading, and failed subsequent loading, respectively, of a certificate into a secure unit in accordance with an embodiment of the present invention.
    [21] 7 illustrates an SSL transaction between a client and a server.
    [7] A feature of the present invention provides a technique for providing secure processing and data storage for a wireless communication device. Secure processing and data storage can be achieved using different encryption techniques in different ways based on different designs. In one design, security is achieved by designing a security unit to perform all security processing and store all sensitive data.
    [8] Certain aspects of the present invention provide a remote terminal in a wireless communication system capable of providing secure processing and data storage. The power terminal includes a data processing unit, a main processor and a data storage unit. The data processing unit processes the data for communication over the wireless link. The main processor provides control of the remote terminal (eg, control of the data processing unit). The security unit includes a secure processor that performs secure processing for the remote terminal and a memory that provides secure storage of data (electronic funds, personal data, certificates used for authentication, etc.).
    [9] The secure processor may be designed to include a (built-in) read-only memory (ROM) that stores program instructions and parameters used for secure processing. For increased security, the memory can be implemented in a single integrated circuit (IC), which includes the main processor. Messaging and data are interchanged with the security unit through a single entry point provided by the bus.
    [10] The security unit can be designed to implement public key cryptography for secure processing. In this case, the private and public keys used for the security processing are generated based on various designs and stored in the security unit in various ways as will be described below.
    [11] Secure processors have the ability to implement one or more security protocols, such as, for example, Secure Socket Layer (SSL) protocol, Transport Layer Security (TLS) protocol, Internet Protocol Security (IPSec), and Wireless Application Protocol (WAP). It is designed to be. For each secure transaction with an external entity, the security unit can be configured to act as a client or server.
    [12] The present invention provides various features, embodiments, and methods, apparatus, and elements for implementing the features, as will be described in detail below.
    [13] The features, features and advantages of the present invention will become apparent from the following detailed description taken in conjunction with the accompanying drawings, wherein like reference numerals identify correspondingly throughout.
    [22] 1 is a block diagram of a system 100 capable of supporting secure communications over a wireless link, in accordance with certain aspects of the present invention. In system 100, each remote terminal 110 communicates with one or more base stations 120 over a wireless link at any particular moment, depending on whether the remote terminal is activated and whether it is soft handoff. Each base station 120 is connected to and communicates with a base station controller (BSC) 130, which provides coordination and control for the base station. The BSC 130 communicates with a base station connected to the BSC 130 to control the routing of calls to remote terminals.
    [23] For data services, the BSC 130 is connected to a data packet service node (PDSN) 140, which performs several functions to support packet data services. PDSN 140 is coupled to network 150 (eg, an Internet Protocol (IP) network such as the Internet) coupled to multiple servers 160. Each server 160 operates to provide data and / or services.
    [24] For voice service, the BSC 130 is connected to a mobile switching station (MSC) 142 connected to a public switched telephone network (PS number) 152. The MSC 142 controls the routing of telephone calls between the remote terminal 110 and the user connected to the PSTN 152 (eg, a regular telephone) via the BSC 130 and the base station 120.
    [25] The wireless portion of system 100 may be designed to support one or more CDMA standards, such as IS-95, IS-98, cdma2000, W-CDMA or some other CDMA standard or combinations thereof. These CDMA standards are known to those skilled in the art and are hereby incorporated by reference.
    [26] 2 is a block diagram of an embodiment of a remote terminal 110, which may implement various aspects of the present invention. Remote terminal 110 is used to provide data processing units used to process data to communicate with one or more base stations via forward and reverse links, main processors used to provide control of remote terminals, and secure processing and data storage. Secured unit.
    [27] For the reverse link, data is provided (typically in blocks or packets) from the data source to the transmit (TX) data processor 210, which formats and encodes the data to provide encoded data. Modulator / transmitter unit (MOD / TMTR) 212 receives modulation, modulates data suitable for transmission over a wireless link for processing (e.g., covering, spreading, scrambling, filtering, amplifying, modulating and upconverting). Generate a signal. The modulated signal is routed through duplexer 214 and transmitted via antenna 216 to one or more base stations 120. The encoding and processing at the remote terminal 110 depends on the CDMA standard or system to be implemented. The processing of the reverse link signal at the receiving base station is complementary to that performed at the remote terminal 110.
    [28] For the reverse link, the forward link signal transmitted from one or more base stations 120 is received by antenna 216, routed through duplexer 214 and provided to receiver / demodulator (RCVFR / DEMOD) 222. Within receiver / demodulator 222, the received signal is conditioned (e.g., amplified, filtered, downconverted, quadrature demodulated, and digitized) and processed (e.g., descrambled, despread, and decoded). Provide a symbol. A receive (RX) data processor 224 decodes the symbol to recover the transmitted data, which is provided to a data sink (eg, system memory 236). Processing and decoding for the forward link signal is performed complementary to the processing and coding performed at the transmitting base station.
    [29] In the embodiment of FIG. 2, the remote terminal 110 further includes a main processor 230 that acts as a central processing unit for the remote terminal. The main processor 230 cooperates and controls the operation of the various elements in the remote terminal 110 to perform various processing functions and further achieve desired functionality. For example, main processor 230 typically directs the operation of TX and RX data processors 210 and 224 to process data on the forward and reverse links, respectively.
    [30] Main processor 230 is coupled to a bus 232 that interconnects a number of other elements, such as input / output (I / O) interface 234, system memory 236, and security unit 240. I / O interface 234 provides an interface with a user and includes a keypad, display unit, speaker, microphone, and others as possible. System memory 236 includes random access memory (RAM) and read-only memory (ROM) used to store program instructions (e.g., for main processor 230) and data. Security unit 240 provides secure processing and provides secure storage, which are described in detail below.
    [31] Main processor 230 is designed to operate based on program instructions downloaded onto system memory 236 (eg, flash memory that is part of memory 236). Downloading is accomplished via external I / O lines or wireless communication. Due to their easy connectivity, the main processor 230 is affected by attacks due to radio negotiation as well as external I / O lines.
    [32] Secure processing and data storage are achieved based on different designs and in different ways using different encryption technologies. In one design, security is achieved by designing the security unit 240 to perform all security processing and store all "sensitive" data. In general, sensitive data includes data that needs to be protected from unauthorized access. In another design, security is achieved by designing the security unit 240 to perform all security processing (eg, based on an encryption key stored within the security unit), while sensitive data is secured and external to the security unit 240. (Eg, in system memory 236). Some of these designs are described below, others are possible and are within the scope of the present invention.
    [33] 3 is a diagram of a particular embodiment of a security unit 240. In such an embodiment, the security unit 240 effectively implements a secure digital “bolt” using the security processor 250 to connect to the nonvolatile memory 254, where the nonvolatile memory has other untrusted units. (Eg, main processor 230). In one embodiment, to provide enhanced security, the security unit 240 is connected to the remote terminal 110 (eg, main) via a single entry point provided via a bus 262 directly connected to the security processor 250. The processor 230 interfaces with other elements in the system memory 236. This design allows all communication and data exchanges with security unit 240 to be channeled through one trusted processor 250, which is a security attack and illegal entity that attempts to penetrate the security unit to retrieve secure data. Designated and designed as a safeguard against (e.g., hackers, viruses, etc.).
    [34] Secure processor 250 is a reliable processing unit that performs secure processing for remote terminal 110. Security processing is accomplished based on program instructions and parameter values (eg, encryption keys) stored in ROM 252. The security processor 250 receives external messages and data via the bus 262, authenticates and / or processes the received messages and data, and stores the data in memory. When required and instructed, secure processor 250 retrieves data stored in memory 254, processes and / or encrypts the received data, and transmits an external element (eg, a main processor (eg. 230)).
    [35] Memory 254 is a nonvolatile memory used to store sensitive data and (possibly) program instructions. Due to its location after secure processor 250, memory 254 is physically isolated from other unsecured elements, which cannot be directly connected to memory 254. Memory 254 is supplemented with a battery and implemented as flash memory.
    [36] In the embodiment shown in FIG. 3, ROM 252 stores program instructions and security parameters that are implemented within security processor 250 and used to perform security processing. This design allows the security processor 250 to operate without dependence on other external elements, which dependence cancels out security. Program instructions and parameters are loaded into ROM 252 via a secure operation (eg, during the manufacturing phase) and made available for later use.
    [37] Several mechanisms are used to prevent unauthorized access to the memory 254. In one embodiment, secure processor 250 and memory 254 are implemented within a single integrated circuit (IC). This allows the memory 254 to be physically secured with the secure processor 250 and to prevent tampering with the memory 254. The IC may or may not include other elements of the power terminal 110 (eg, main processor 230). In another embodiment, security processor 250 and memory 254 may be implemented as two separate units sealed within a tamper resistant / evident unit that is secure and / or tamper resistant. Other mechanisms for preventing unauthorized access to the memory 254 may be implemented and are within the scope of the present invention.
    [38] The security unit 240 is designed to implement a number of security functions for the remote terminal 110, which terminal can be used for various applications. Such security functions include one of the following combinations: authentication, encryption, data storage / manipulation, and possibly others. The authentication includes the processing necessary to verify the actual identification number of the entity, such that the remote terminal 110 verifies the identification number of the external entity (eg, server 160) or the external entity identifies the identification number of the remote terminal. Encryption includes processing to secure the data such that unauthorized entities cannot block and recover the data. Secure data storage / operation entails the safety of unauthorized connections and is only updated on demand when appropriate. These security functions will be described in detail below.
    [39] Several schemes are used to implement authentication and / or encryption. One popular scheme is based on public key cryptography, which uses a pair of key-private keys and a public key. The private key is kept secret and the public key is provided as needed (e.g., authenticated, encrypted or decrypted). The secret key is generated for a specific secure transaction based on the private key. Generation and management of keys is described in detail below. Other security functions (ie, authentication or encryption or both) are achieved based on how the key handles the data.
    [40] Other schemes are used for authentication and / or encryption and are within the scope of the present invention. For example, a secret key based on DES (data encryption standard) is used. For secret key encryption (also called symmetric encryption), both trading entities a priori know the secret keys and keep these keys secret to other entities.
    [41] 4A is a simplified diagram of a process for authenticating a message. Authentication is used by remote terminal 110 or an external entity (eg, server 160) or both to verify what the source of the message requires. At the transmitting entity A, the message M to be transmitted is hashed by a hash function (block 414) to provide a message digest D. The hash function can be SHA-1 (Secure Hash Algorithm), MD-4 (Message Digest), MD-5, or some other hash algorithm known to those skilled in the art.
    [42] The message digest is encrypted or signed (block 416) with the private key of the transmitting entity to generate a signature (S). Encryption is known to RSA (Rivest, Shamir, Adleman), Diffle-Hellman, DES (Data Encryption Standard), IDEA (International Data Encryption Algorithm), CAVE (Cellular Authentication and Voice Encryption, defined as IS-95), or to those skilled in the art. It can be based on several different encryption algorithms. "Signaling" may be based on the Digital Signature Algorithm (DSA) as defined in DSS (Digital Signature Standard) or some other algorithm. The private key is kept secret and only known to the transmitting entity. Both the message and the signature are sent to the receiving entity B.
    [43] At the receiving entity, the transmitted message and signature are received and the received message M 'is hashed (block 424) with the same hash function as used at the transmitting entity (block 424) to generate a recovered message digest D'. do. The received signature S 'is decrypted or processed / verified with the public key of the transmitting entity (block 426) to produce a value. Depending on the algorithm used, the decryption / verification may be based on the same or complementary algorithm used at the transmitting entity. The generated value is compared with the recovered message digest (block 428) and the sending entity is authenticated if the two values match.
    [44] 4B is a simplified diagram of a process of encrypting a message. Encryption is used by the remote terminal or an external entity or both prior to transmission. At the transmitting entity A, the message M to be transmitted is encrypted with the public key (or secret key) of the receiving entity (block 434) to produce an encrypted message that only the receiving entity can recover. Encryption is based on RSA, Diffle-Hellman, DES, IDEA or some other encryption algorithm. The encrypted message is sent to the receiving entity B. Secret keys are generated for communication (or transactions) based on Diffle-Hellman or RSA algorithms.
    [45] At the receiving entity, the transmitted message is encrypted with the same or complementary algorithm as used at the receiving and transmitting entity (block 444). Decryption is performed with the private key (or complementary secret key) of the receiving entity. Thus, the receiving entity can recover the encrypted message because it only has a private key (or secret key) corresponding to the public key used to encrypt the message.
    [46] Based on the above description for authentication and encryption, the generation and management of keys is an important feature of a security system. In a public key system, a private key and a public key are needed for secure processing. These keys are generated based on various schemes and provided to the remote terminal in a secure manner.
    [47] In one key management scheme, private and public keys are generated for the remote terminal (eg by a certificate authority) and the private key is stored permanently in the remote terminal. Persistent storage is achieved, for example, by etching the private key in the metal layer of the secure processor 250 during the manufacturing process. This effectively "stamps" each remote terminal to have its own permanent private key, which makes the private key safe from tampering, penetration and alteration.
    [48] In another scheme, a private and public key are generated for the remote terminal, and the private key is loaded into secure storage (eg, ROM 252 or memory 254) in secure processor 250. Loading of the private key is For example, it is achieved in a secure environment during the manufacturing process or at a time after the security is detected to be offset, for example, a private key by a blown fuse (e.g., electronically or with a laser). Stored in ROM 252. This scheme provides flexibility in updating the key, since the private key is secure because secure storage is inaccessible by external elements.
    [49] In another scheme, the private and public keys are generated by security processor 250 as required or desired. Such keys may be generated entirely by the remote terminal, or may be generated based on parameters provided by an external source (eg, a certification authority). This scheme provides flexibility in updating keys. The private key may be stored in secure storage (eg, ROM 252 or memory 254).
    [50] For the schemes described above, the private key is typically stored in secure memory (eg, stored in memory 254). The public key is then provided to another entity whenever needed. The public key is authenticated by a trusted certificate authority and encapsulated in a certificate, which is stored in secure storage as described below.
    [51] Public key cryptography allows an entity to negotiate the key used to perform secure processing. In many instances (e.g. e-commerce), knowing the key in advance is not practical. In public key cryptography, two transacting entities can use different private keys and exchange them according to their public key or secret key needs. Secret keys (eg, for a particular transaction) are generated based on Diffle-Hellman or RSA algorithms and interchanged as needed.
    [52] The public key is encapsulated in a certificate, which certificate is sent and used for authentication and / or encryption. Initially, the remote terminal has a public key (eg, based on one of the techniques described above). As defined by ITU DX.509, RKIX certificates are issued by remote terminals. The certificate contains various types of information such as the public key, signature, and unique algorithms and parameters used to generate the signature of the remote terminal. The certificate can be stored by the remote terminal and used for later authentication, which is accomplished based on several schemes.
    [53] In one authentication scheme, a certificate is issued and signed by a trusted certificate authority that authenticates the identification number of the remote terminal. Authentication of the remote terminal is then achieved as follows. The remote terminal sends a message signed by the remote terminal with a certificate to an external entity (eg, server 160), which includes the public key of the remote terminal and the signature of the certificate authority. The external entity receives the remote terminal certificate, authenticates the signature of the certificate authority, and uses the remote terminal's public key to authenticate the signed message. Thus, the external entity can verify the identification number of the remote terminal, as authenticated by a trusted certificate authority.
    [54] In another authentication scheme, a certificate is generated and signed by a remote terminal. Authentication of the remote terminal is accomplished as follows. The remote terminal sends a message signed by the remote terminal with a certificate to an external entity, which includes the public key of the remote terminal and the signature of the remote terminal. The external entity receives the remote terminal certificate, authenticates the remote terminal's signature, and uses the remote terminal's public key to authenticate the signed message. The external entity verifies the identification number of the remote terminal based on the signature of the remote terminal.
    [55] Other schemes can be used for authentication and are within the scope of the present invention. Different levels of authentication are achieved, for example, based on different uses of the certificate. The specific authentication scheme used for secure transactions depends on the type of transaction performed.
    [56] 5A is a diagram of an ITU X.509 certificate 510 used to encrypt a public key. Certificate 510 includes a number of fields used to provide various types of information associated with a key. The version field 512 identifies the format of the certificate (eg, X.509 version 3). The certificate serial number field 514 contains the unique serial number assigned to this certificate (by the certificate issuer, i.e. the certificate authority). Signature algorithm identification field 516 identifies the unique algorithm (eg, MD-5 hash, RSA signature, or some other) used by the certificate issuer to sign the certificate. This allows the entity receiving the certificate to process and authenticate the certificate. The issuer name field 518 identifies the unique trusted certificate authority (eg Verisign, Belsign, American Express, etc.) that issues the certificate, if any.
    [57] The validity field 520 identifies the time period during which the certificate is valid. This period is typically determined by the publisher. The object name field 522 contains the name of the entity for which the certificate is generated (“object”). The object public key field 524 includes an object public key (eg, RSA, 0xabcdef, 0x12345). Issuer unique ID field 526 and object unique ID field 528 each contain an ID assigned to the issuer and the object. Extension field 530 includes keys, policy information, attributes, constraints, and other related information. Signature field 532 includes the signature generated by hashing fields 512 through 530 and encrypts / signs the hash digest with the issuer's public key.
    [58] 5B is a diagram of a particular embodiment of the memory 254. The implementation of the memory 254 typically depends on the overall design of the security unit 240. Moreover, the type of data to be stored in memory 254 depends on the scheme used for security processing. In the embodiment of FIG. 5B, memory 254 includes a flag field 552, an authentication field 554, and a number of data fields 556a-556n. Additional and / or other fields may be supported and are within the scope of the present invention.
    [59] The flag field 552 includes one or more flags indicating the state of the memory 254 and the state of the stored data. Flags in field 552 allow the security unit 240 to keep track of authorized memory connections, parameter and data updates, alarms, and the like, as described below. For example, a flag is provided to indicate whether a certificate has been stored in memory 254. Authentication field 254 stores one or more certificates, which are used to authenticate remote terminal 110 and / or other entities. Certificates are typically loaded into memory 254 via secure transactions (as described below) and typically include parameters (e.g., encryption keys) used to perform secure processing (as described above). do. Data field 556 stores sensitive data and possibly data necessary for operation of secure processor 250.
    [60] Various types of sensitivity data are stored in the security unit 240. Such sensitivity data includes, for example, personal information, financial information (eg, credit card numbers, electronic money balances, accounting information, etc.), authentication information, and other information. Some forms of these data are described below. In general, any data that needs to be protected from unauthorized access is considered sensitive data and stored in secure unit 240.
    [61] certification. As remote terminals (eg, cellular telephones) become an integral part of e-commerce devices, they inevitably need to act as "servers". For example, before being trusted with sensitive data or before a transaction is started, the actual identification number of the remote terminal needs to be verified. In this case, the remote terminal is authenticated by the external entity and satisfies the external entity. This authentication is accomplished based on a certificate containing identification number verification information for the remote terminal. If the remote terminal certificate is distributed from a trusted certificate authority and thus verified, the identification number of the remote terminal can be authenticated as verified by the certificate authority. The vault is used to store one or more remote terminal certificates. For example, certificates for all members of a family or team are stored, and each member has individual "personal accounting" information stored in other pins for access.
    [62] Electronic wallet. The remote terminal acts as a “wallet” and stores electronic money in a secure digital vault (eg, in memory 254). For example, a user communicates with a bank to download funds in a vault. The funds are then used to pay for the purchase of goods and services from the goods or websites or transferred to other devices or entities. The user can also replenish the vault with additional funds of interest. For each transaction, the appropriate amount is deducted or credited from the current account. The transaction is accomplished via wireless communication (e.g., via a Bluetooth connection with a suitably equipped cache register, via a wireless connection to a website, etc.).
    [63] Encryption Information. The remote terminal stores encryption parameters and keys used for security processing. These parameters include, for example, those used in the CAVE algorithm defined by IS-95 to authenticate remote terminals. The remote terminal is designed to store a session key used to support a secure session with the website. The session key is provided at the beginning of the session and discarded at the end of the session. The remote terminal stores the encryption key used for signing and verifying messages, encrypting and decrypting data.
    [64] 6A is a diagram illustrating the initial loading of a certificate into security unit 240, in accordance with an embodiment of the present invention. In one embodiment, the level of security that should be implemented for certificate loading depends on the state of secure storage (eg, memory 254). If the secure storage is empty (eg, as indicated by the flag), the certificate is loaded with reduced security checks. Otherwise, if the secure storage already contains a certificate, complex transactions involving many security checks are performed. The process shown in FIG. 6A is used to load a private key for a remote terminal if not already embedded in the secure processor. The process is used to load primary and secondary user certificates into memory 254.
    [65] The certificate contains the public key of the remote terminal. Depending on the particular scheme used, the certification authority may either (1) generate a private and public key of the remote terminal and provide them to the remote terminal, or (2) a public key generated by the remote terminal. Next, the public key is encapsulated in a certificate as shown in FIG. 5A. If encapsulation is performed by a certificate authority, the signature of the certificate authority is included in the certificate and the verification of the remote terminal and the validity of the public key by the certificate authority are verified.
    [66] Initial certificate loading is performed during or after the manufacturing process. As shown in FIG. 6A, the certificate is loaded via a transaction between the trusted certification authority 600 and the secure processor 250 via the main processor 230. Initially, the certification authority 600 sends a message 612 requesting the certificate to be loaded. The main processor 230 receives and processes the message and, in response, sends a request 614 requesting to check the state of the secure storage (eg, memory 254). The secure processor 250 receives the request and determines the state of the secure storage, for example, by examining a specific flag indicating whether the in-memory certificate field has been filled or emptied. If secure storage has been emptied (ie does not include a certificate), secure processor 250 sends a message 616 indicating this status. Main processor 230 receives message 616 and reports the status of secure storage to certificate authority 600 via message 618.
    [67] In response to the message 618, the certification authority 600 transmits the certificate via the load certificate message 620. The main processor 230 receives the message 620 and forwards it to the secure processor 250, which loads the certificate (eg, contained in the message) into the secure storage and sets it to be further flagged. . The secure processor 250 sends an acknowledgment message 624, which is received by the main processor 230 and forwarded to the certificate authority 600.
    [68] 6B is a diagram illustrating subsequent loading of a certificate into security unit 240, in accordance with an embodiment of the present invention. The certificate needs to be updated through subsequent certificate loading when it is determined that the user information has changed, the key has been canceled or changed for other reasons. Initially, the certification authority 600 sends a message 612 requesting the certificate to be loaded. The main processor 230 receives and processes the message and in response sends a request 612 requesting to check the state of the secure storage. The secure processor 230 receives the request to determine the state of the secure storage. If secure storage has been filled (ie, already contains a certificate), secure processor 250 sends a message 636 indicating this status. The main processor 230 receives the message 636 and sends a first message 638 indicating that the certificate already exists in the memory 254 and a second message 640 requesting authentication of the certificate authority 600. Send to the certification authority (600).
    [69] In response to the message 640, the certification authority 600 sends a signed message 642. The main processor 230 receives and processes the message 642 and sends a message 644 to the secure processor 250 requesting to authenticate the signed message. The secure processor 250 verifies the signed message (e.g., using the public key of the certification authority 600), sets the status of the secure storage to empty when authenticated, and an acknowledgment message indicating that authentication has passed. Send 646. The main processor 230 receives this approval and forwards it to the certification authority 600.
    [70] In response to the message 646, the certification authority 600 sends the certificate via the load certificate message 620, which is received by the main processor 230 and forwarded to the secure processor 250. The secure processor 250 loads the certificate into the memory 254, sets the flag to be filled in, and sends an authorization message 624 back to the certificate authority 600.
    [71] 6C illustrates an unsuccessful attempt when attempting to load a certificate into security unit 240. Initially, the certification authority 600 sends a certificate load request message 612. The main processor 230 receives and processes the message and in response sends a request 614 requesting to check the state of the secure storage. The secure processor 250 receives the request and determines the state of the secure storage (in this case, filled) and sends a message 636 indicating this state. Since the secure storage has been filled, the main processor 230 sends a first message 638 indicating that a certificate already exists in the secure storage and a second message 640 requesting authentication of the certificate authority 600. .
    [72] In response to the message 640, the certification authority 600 sends a signed message 642. The main processor 230 receives and processes the message 642 and sends a message 644 to the secure processor 250 requesting to authenticate the signed message. The security processor 250 verifies the signed message and, if not authenticated, transmits an error message 645 indicating an authentication failure. The main processor 250 receives the error message and forwards it to the certification authority 600. An error message closes the transaction.
    [73] The secure processor 250 may be designed to perform various functions that support secure processing and data storage. These functions include any combination of the following functions: signature generation and verification, encryption and decryption, database management, update approval of secure data in secure storage, accounting, error message processing, and other possible functions. Program instructions for some or all of the supported functions are stored in security unit 254 (eg, ROM 252 or memory 254). This allows the security processor 250 to perform a function based on instructions known to be reliable. It also prevents external elements (eg, main processor 230) from impersonating secure processor 250 and prevents malicious access to secure storage. Securely stored program instructions include implementing hash functions, encryption, decryption and signature algorithms, accounting functions, data management functions, and the like.
    [74] For authentication, secure processor 250 is requested to generate and sign a message using the public key and provide a signed message to main processor 230, which sends the signed message to the desired receiving entity. Signature generation can be performed based on any of the digital signature and encryption algorithms mentioned. Secure processor 250 provides a certificate that includes the public key of the remote terminal, which is used by the receiving entity to authenticate the remote terminal.
    [75] Secure processor 250 is designed to authenticate each entity requesting to retrieve, load, or update data stored in secure storage. In general, secure processor 250 authenticates each entity that wishes to access data stored in secure storage. Authentication is accomplished by verifying a signed message from the requesting entity (eg, based on one of the requesting entity's certificate or the requesting entity's public key, which are already included in the certificate already stored in secure storage). Signature verification is performed based on the same or complementary algorithm used to generate the signature.
    [76] The message is used to generate a signature, which is authenticated by the receiving entity (eg, remote terminal or external entity). Thus, the data in the message is verified if the signature is checked. However, the message is sent transparently and no protection against eavesdropping is provided. For many applications, it is only important to verify the actual identification number of the entity, and authentication through digital signatures is sufficient.
    [77] Encryption is used to protect sensitive data from eavesdroppers. For encryption, secure processor 250 is asked to encrypt data using a secret key. The encrypted data is provided to the main processor 230, which sends the encrypted data to the desired receiving entity. The secret key is generated based on the receiving entity's private key using, for example, the Diffle-Hellman or RSA algorithm. The security processor 250 is asked to decrypt the encrypted data using the private key of the remote terminal. Encryption and decryption of traffic is performed based on any one of the ciphering algorithms (eg, DES, IDEA, etc.) mentioned. The key interchange and traffic encryption / decryption algorithms are independent of the use of private key encryption.
    [78] For each secure transaction through secure processor 250, an external entity may be authenticated as mentioned. Once the external entity is authenticated, the secure processor 250 can process the received message. Depending on the transaction, data may be extracted from received messages and stored in secure storage or retrieved from secure storage and provided via signed or encrypted messages. The transaction optionally requests an update of the data in the secure storage. For example, funds stored in secure storage are deducted for purchases or some other transaction or increased for replenishment.
    [79] Sensitivity data is securely stored and / or updated based on various schemes. In one scheme, sensitive data is stored in security unit 240 (eg, in memory 254 or possibly in ROM 252). In this scheme, data is verified once received before being stored in secure storage. For this scheme, data is stored in plain form (ie, unencrypted form). Subsequent data manipulation and updating of data are performed in the security unit 240. Since the security unit 240 is always stored in the security unit under the control of the security unit, the integrity of the data is guaranteed.
    [80] In another scheme, sensitive data is stored outside the secure unit (eg, in system memory 236) in secure form. Again, security unit 240 verifies data when received from an external element (eg, main processor 230). Prior to data storage, security unit 240 signs or encrypts the data using the private key stored within the security unit, depending on the desired implementation. The security data is stored outside the security unit 240. For subsequent connection, manipulation and / or update, the secured data is retrieved from external storage, verified or decrypted and processed by security unit 240. The security unit 240 is secured prior to storage and the integrity of the data is guaranteed since it is verified prior to each use.
    [81] Other schemes for storing and manipulating data to ensure integrity may also be used within the scope of the present invention.
    [82] The secure processor 250 is designed to generate an error message or alarm for an incomplete transaction (eg, upon authentication failure) in response to an unauthorized attempt to access secure data. Error messages can include the failure level (e.g. warning or fatal error), the cause of the error (e.g. unwanted message reception, poor record hash, signature not checked, offset failure, send and receive failure, illegal parameter , Certificate errors, insufficient funds in the transaction, entities to be authenticated, etc.) and other possible information.
    [83] Security processor 250 is designed to support any number of security protocols, such as secure socket layer (SSL) protocols, transport layer security (TLS) protocols, and other protocols. Such protocols known to those skilled in the art are not described herein. Each protocol establishes a secure communication used to establish security possibilities, interchange keys and certificates, and a send and receive protocol used to set message protocols, and transmits secure data.
    [84] For each secure transaction, the remote terminal represents the capacity of the server or client. Like a server, a remote terminal is requested by another entity to provide secure data. Before providing the requested data, the remote terminal typically authenticates the requesting entity. As a client, the remote terminal requests security data from another entity and is asked to provide the information required by the other entity to authenticate the remote terminal.
    [85] In a typical SSL transaction, the server does not authenticate the client via an encryption protocol. However, the server authenticates via other means, such as credit card authentication. In one embodiment, the server authenticates the client for each secure transaction (eg, a cache register attempting to withdraw cash from the wallet implemented by the secure processor). In a typical SSL transaction, the client always authenticates the server. In one embodiment, the server authenticates the client for secure transactions (eg, medical record retrieval, etc.).
    [86] 7 is a diagram illustrating a secure transaction between a client and a server. The remote terminal acts like a capacity for these transactions, and these transactions are divided into four stages. In a first step, hello messages 712a and 712b are interchanged between the client and server and establish a secure communication. In a second step, the server sends a server certificate, exchanges the server public key, and requests a client certificate via messages 722, 724, and 726, respectively. The server terminates with a server hello terminate message 728.
    [87] In response to the server message, the client sends the client certificate, exchanges the client public key, and requests verification of the certificate via messages 732, 734, and 736, respectively. In the fourth step, once the certificate is authenticated, the client and server enable the encryption suite and terminate the exchange via messages 742 and 744. Enabling encryption suite simply means 'enable' the cipher from the time forward to that point. Each entity knows when the received stream is encrypted. The data is then securely exchanged between the client and server through an interchanged key.
    [88] The security processor 250 and the main processor 230 are each a digital signal processor (DSP), an application specific integrated circuit (ASIC), a processor, a microprocessor, a controller, a microcontroller, an on-demand gate array, each designed to perform the functions described herein. (FPGA), programmable logic devices, other electronic units, or any combination thereof. The integrated circuit implementing the secure processor 250 may further include other elements of the remote terminal 110, such as, for example, the main processor 230, the TX and RX data processors 210, 224, and the like.
    [89] Non-volatile memory (e.g., memory 254 and ROM 252) may include flash memory, programmable ROM (PROM), erasable PROM (EPROM), electronically erasable PROM (EEPRROM), battery supplemental RAM, some other Memory technology or a combination thereof. Volatile memory (eg, portion of memory 256) is implemented in random access memory (RAM), flash memory, some other memory technology, or a combination thereof.
    [90] The previous description of the described embodiments is provided to enable any person skilled in the art to make or use the present invention. Those skilled in the art will recognize that many modifications to these embodiments are possible and that the general principles described are possible without departing from the spirit or scope of the invention. Thus, the present invention is not limited to the embodiments described herein but is to be accorded the widest scope consistent with the principles and novel features described herein.
    权利要求:
    Claims (26)
    [1" claim-type="Currently amended] As a remote terminal in a wireless communication system,
    A data processing unit configured to process data for communication over a wireless link;
    A main processor coupled to the data processing unit and configured to provide control to the remote terminal, the data processing unit and the main processor being an unsecured unit that may be compromised by illegal activity by an external entity. Is; And
    A security unit operatively connected to the main processor, the security unit comprising:
    A security processor configured to perform security processing for the remote terminal; And
    Includes secure memory configured to provide secure storage of data,
    The security unit is physically encapsulated within a security module and configured to prevent unauthorized access to the secure memory via a hardcoded protocol.
    [2" claim-type="Currently amended] The remote terminal of claim 1, wherein the security unit is a read-only memory (ROM) configured to store program instructions and parameters used for the security processing.
    [3" claim-type="Currently amended] 3. The remote terminal of claim 2, wherein the ROM is embedded within the secure processor.
    [4" claim-type="Currently amended] The remote terminal of claim 1, wherein the secure processor and the secure memory are implemented within a single integrated circuit and physically encapsulated.
    [5" claim-type="Currently amended] The remote terminal of claim 1, wherein the secure processor and the secure memory are physically encapsulated within a unit in which a write change is prevented or there is a write change.
    [6" claim-type="Currently amended] The remote terminal of claim 1, wherein the secure processor and the secure memory are permanently fixed within the remote terminal.
    [7" claim-type="Currently amended] The remote terminal of claim 1 wherein messaging and data are interchanged with the security unit via a single entry point provided by a bus.
    [8" claim-type="Currently amended] The remote terminal of claim 1, wherein the security unit is configured to implement public key encryption for the security processing.
    [9" claim-type="Currently amended] 9. The remote terminal of claim 8, wherein a private key assigned to the remote terminal is embedded in the security processor.
    [10" claim-type="Currently amended] 10. The remote terminal of claim 9, wherein the private key is permanently etched into the secure processor.
    [11" claim-type="Currently amended] 10. The remote terminal of claim 9, wherein the private key assigned to the remote terminal is stored in a ROM in the secure processor.
    [12" claim-type="Currently amended] The remote terminal of claim 1, wherein the secure processor is configured to implement one or more security protocols.
    [13" claim-type="Currently amended] 13. The remote terminal of claim 12, wherein the one or more security protocols include a secure socket layer (SSL) protocol or a transport layer security (TLS) protocol or both.
    [14" claim-type="Currently amended] The remote terminal of claim 1, wherein the security unit is configured to act as a client or server for each secure transaction with an external entity.
    [15" claim-type="Currently amended] The remote terminal of claim 1, wherein the secure memory is configured to store electronic funds.
    [16" claim-type="Currently amended] 2. The remote terminal of claim 1, wherein the secure memory is configured to store encryption parameters used for the secure processing.
    [17" claim-type="Currently amended] The remote terminal of claim 1, wherein the secure memory is configured to store one or more certificates used for authentication.
    [18" claim-type="Currently amended] 18. The remote terminal of claim 17, wherein the certificate is loaded into the secure memory through a secure transaction with a certificate authority.
    [19" claim-type="Currently amended] 19. The remote terminal of claim 18, wherein different levels of security are implemented for certificate loading transactions depending on whether a certificate has already been loaded on the remote terminal.
    [20" claim-type="Currently amended] As a remote terminal in a wireless communication system,
    A data processing unit configured to process data for communication over a wireless link;
    A main processor coupled to the data processing unit and configured to provide control for the remote terminal, the data processing unit and the main processor being an unsecured unit that may be compromised by illegal activity by an external entity; And
    A security unit embedded within the main processor and configured to perform secure processing for the remote terminal and provide secure storage of data, wherein the security unit is configured to implement public key encryption for secure processing; Is a remote terminal configured to prevent unauthorized access to securely stored data via a hardcoded protocol.
    [21" claim-type="Currently amended] A method of providing secure processing and data storage for a wireless communication device,
    Defining a secure processor in the communication device to perform secure processing;
    Defining secure storage in the communication device to provide secure data storage;
    Storing program instructions and parameters used for secure processing in a secure processor or secure storage, the stored program instructions implementing a hardcoded protocol; And
    And physically encapsulating the secure processor and secure storage in a secure unit.
    [22" claim-type="Currently amended] 22. The method of claim 21, wherein the secure processor and the secure storage are physically encapsulated within a single integrated circuit (IC).
    [23" claim-type="Currently amended] The method of claim 21,
    Permanently securing the encapsulated security processor and secure storage in the communication device.
    [24" claim-type="Currently amended] A method of providing secure processing and data storage for a wireless communication device,
    Receiving a first message initiating a secure transaction with an external entity;
    Authenticating the external entity via a secure processor located within the communication device; And
    If the external entity is authenticated, performing a secure process for a secure transaction with the secure processor,
    And the security unit is physically encapsulated within a security module and configured to prevent unauthorized access to the secure memory via a hardcoded protocol.
    [25" claim-type="Currently amended] 25. The method of claim 24, wherein said secure processing is performed based on program instructions stored within said secure processor.
    [26" claim-type="Currently amended] 25. The method of claim 24, wherein said authentication is achieved through certificate interchange.
    类似技术:
    公开号 | 公开日 | 专利标题
    Oppliger2016|SSL and TLS: Theory and Practice
    US9264223B2|2016-02-16|System and method for distributed security
    US9160732B2|2015-10-13|System and methods for online authentication
    JP2017063432A|2017-03-30|System and method for designing secure client-server communication protocols based on certificateless public key infrastructure
    KR102123494B1|2020-06-29|Secure remote payment transaction processing
    US9832024B2|2017-11-28|Methods and systems for PKI-based authentication
    US10595201B2|2020-03-17|Secure short message service | communications
    US9893892B2|2018-02-13|Authenticated remote pin unblock
    JP2014161027A|2014-09-04|Encryption method for secure packet transmission
    Toorani et al.2008|SSMS-A secure SMS messaging protocol for the m-payment systems
    US8635445B2|2014-01-21|Method for digital identity authentication
    US8302167B2|2012-10-30|Strong authentication token generating one-time passwords and signatures upon server credential verification
    EP0651533B1|2004-05-12|Method and apparatus for privacy and authentication in a mobile wireless network
    US7502930B2|2009-03-10|Secure communications
    US8296825B2|2012-10-23|Method and system for a secure connection in communication networks
    EP2495932B1|2015-07-08|Digital rights management using trusted processing techniques
    US8037295B2|2011-10-11|Hardware-bonded credential manager method and system
    US6449473B1|2002-09-10|Security method for transmissions in telecommunication networks
    US8144874B2|2012-03-27|Method for obtaining key for use in secure communications over a network and apparatus for providing same
    CN101018125B|2010-06-16|Radio terminal security network and card locking method based on the ellipse curve public key cipher
    JP4723251B2|2011-07-13|Secure integration and use of device-specific security data
    DE60119489T2|2006-09-28|Method of inspection of data integrity, corresponding device and mobile terminal
    DE60207869T2|2006-07-20|Method and system for processing information in an electronic device
    US8397060B2|2013-03-12|Requesting digital certificates
    US7707412B2|2010-04-27|Linked authentication protocols
    同族专利:
    公开号 | 公开日
    CA2441010A1|2002-09-26|
    WO2002076127A1|2002-09-26|
    CN1504057A|2004-06-09|
    KR100910432B1|2009-08-04|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    法律状态:
    2001-03-16|Priority to US27638001P
    2001-03-16|Priority to US60/276,380
    2001-04-05|Priority to US09/826,742
    2001-04-05|Priority to US09/826,742
    2002-03-15|Application filed by 콸콤 인코포레이티드
    2002-03-15|Priority to PCT/US2002/007693
    2003-10-10|Publication of KR20030080095A
    2009-08-04|Application granted
    2009-08-04|Publication of KR100910432B1
    优先权:
    申请号 | 申请日 | 专利标题
    US27638001P| true| 2001-03-16|2001-03-16|
    US60/276,380|2001-03-16|
    US09/826,742|2001-04-05|
    US09/826,742|US7047405B2|2001-04-05|2001-04-05|Method and apparatus for providing secure processing and data storage for a wireless communication device|
    PCT/US2002/007693|WO2002076127A1|2001-03-16|2002-03-15|Method and apparatus for providing secure processing and data storage for a wireless communication device|
    [返回顶部]